According to the NIST National Vulnerability Database (via Forbes), a maliciously written message could result in a permanent denial of service attack that would brick a phone running Android 8, 8.1, 9, or 10. The December Android security update includes a patch for CVE-2019-2232 which means that if the update has been sent to your phone, install it immediately. But again, the real problem is that only a limited number of devices have it at the moment.
Earlier this month, information about the "StrandHogg" vulnerability was released by security software developer Promon. Disguised as a legitimate app, this malware put the top 500 Android apps at risk (Promon partner Lookout discovered 36 malicious apps that actually carried the vulnerability) and allowed bad actors (without root access) to listen in on Android users through a phone's microphone, take control of the camera and remotely snap pictures, read and send SMS messages from a handset, make and record phone calls, learn a user's location through GPS access, see photos and files on an Android handset, view contacts, phone logs and more.
With "StrandHogg," an Android user would click on the icon belonging to a legit app. Instead of the legit app, malware would be displayed asking for certain permissions. Once these permissions were granted by the unsuspecting Android user, the hacker was given the green light to hack away. This vulnerability could unleash a phishing attack allowing the bad actor to obtain important personal data.
Source:
https://www.forbes.com/sites/daveywi.../#3bab502f66fe
https://www.phonearena.com/news/Late...users_id120973
Are BlackBerry phones affected by this malware?